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FOREWORD

This Indian Standard (Part 1) which is identical with ISO 11442-1 : 1993 `Technical product documentation -- Handling of computer-based technical information: Part 1 Security requirements' issued by the International Organization for Standardization (ISO) was adopted by the Bureau of Indian Standards on the recommendation of Drawings Sectional Committee and approval of the Basic and Production Engineering Division Council. This standard (Parl 1) covers security aspects involved in the handling of computer-aided design (CAD) information. These computer security is with regard to installation and operation; system security; document contents and communication. Other parts of this series are given as follows: IS 15024 (Part 2): 2001 IS 15024 (Part 3) :2001 IS 15024 (Part 4): 2001 Technical product documentation -- Handling of computer-based technical information: Part 2 Original documentation Technical product documentation -- Handling of computer-based technical information: Part 3 Phases in the product design process Technical product documentation -- Handling of computer-based technical information: Pati 4 Document management and retrieval system

The text of ISO Standard has been approved as suitable for publication as Indian Standard without deviations. In this adopted standard, certain terminology and conventions are not identical to those used in Indian Standards. Attention is particularly drawn to the following: a) Wherever the words `International read as `Indian Standard'. Standard' appear, referring to this standard, they should be

b) Comma (,) has been used as a decimal marker while in Indian Standards the current practice is to use a full point (.) as the decimal marker. In this adopted standard, reference appears to certain international Standards for which Indian Standards also exist. The corresponding Indian Standards which are to be substituted in their place are listed below along with their degree of equivalence for the editions indicated:

International Standard
ISO 10209-1:1992

Corresponding Indian Standard
product IS 8930 (Part 1) : 1995 Technical -- Vocabulary Part 1 Terms documentation relating to technical drawings: General and types of drawings (first revision) IS 15025:2001 Technical product documentation -- Requirements for computer-aided design and draughting -- Vocabulary

Degree of Equivalence
Identical

iSO/TR 10623:1991

do
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1

Scope

This part of ISO 11442 covers security aspects involved in the handling of computer-aided design (CAD) information. Such computer security is divided into four areas: a) security with regard to installation b) system security; c) security with regard to document contents; and operation;

the editions indicated were valid. All standards are subject to revision, and parties to agreements based on this part of ISO 11442 are encouraged to investigate the possibility of applying the most recent editions of the standards indicated below. Members of IEC and ISO maintain registers of currently valid International Standards. ISO 10209-1:1992, Technics/ product documentation -- Vocabulary -- Part 1: Terms relating to technical drawings: general and types of drawings. lSO/TR 10623:1991, Technics/product documentation -- Requirements for computer-aided design and draughting -- Vocabulary.

d) security with regard to communication. Areas a) and b) apply to computerization in any form, irrespective of the subject area, and are therefore not dealt with in detail in this part of ISO 11442, with the exception of backup copying, to which special attention should be paid in computer-aided design techniques. The use of this part of ISO 11442 is intended itate: to facil-

3

Definitions

For the purposes of this part of ISO 11442, the definitions given in ISO 10209-1 apply. Further terminology is given in lSOflR 10623.

-- communication -- consideration

with quality assurance within the company and outside; of the different the design work; security

functions

4 Structural security

relationship

of computer

aspects

in

The structural relationship of the various security tems is presented schematically in figure 1.

sys-

-- purchase of appropriate

systems

and services.

5 Security with regard to installation and operation
NOTE 1 For access authorization. see 7.1.

2

Normative

references
5.1 Installation
shall follow the Installation of computer equipment specifications of the supplier.

The following standards contain provisions which, through reference in this text, constitute provisions of this part of ISO 11442. At the time of publication,
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5.1.1

Electricity

supply

In addition to correct voltage and power, the quality of the electricity supply (protection against brief Power cuts and transients) shall be considered. This applies to ordina~ power as well as backup power supplies. 5.1.2 Ventilation heat gen-

Once a week as a minimum the entire database concerned should be backup-copied. The original backup copy is physically stored in a location different from that of the original document.

6
6.1
6.2

System security
Security Security of operation of application systems systems

Adequate ventilation is required to remove erated by the computer. 5.1.3 Cooling equipment

The computer program actually used should be reguIarly checked against the version that was intended to be used. may require separate

Extensive computer cooling facilities. 5.1.4 Magnetism

7 7.1
media shall

Security

of document

contents

Authorization

Magnetic tapes, disks and other magnetic be protected against magnetic fields. 5.1.5 Electrostatic environment

Rules shall be laid down concerning authorization to create/design, read/copy, check/approve, revise and phase out document contents These rules shall be documented with among other things, quality assurance. regard to,

The equipment shall be protected against static electricity caused by, for example, synthetic floor coverings. 5.1.6 Trespassing

The use of user identification (user ID) and passwords (or card of authorization, etc.) permits access to:

-- various computer-aided

activities;

The location of computers in work areas may require reconsideration of access regulation, to reduce the risk of unauthorized access.

-- data for a product range or part of a product range; -- different document drawing). types (e.g. item list, assembly

5.2
5.2.1

Operation
Service end maintenance are recommended to limit computer

Service contracts downtime, 5.2.2 Stand-by

Passwords and user IDs should not be shared. Passwords should be kept secret and changed regularly; old passwords should not be re-used. Table 1 gives an example ation levels. of a distribution of authoriz-

equipment Each authorized person has a unique user ID and password. The degree of authorization for the user ID shall be approved by the manager of the function area involved and shall be administered by the person in charge of the system. The user ID and password should not have any connection to name, employment number, social security number, birth date or any other related information. Passwords may include non-alphabetic as well as alphabetic characters. For further information different computer-aided 7.2 concerning routines for the activities, see ISO 11442-3.

To eliminate, as far as possible, long computer downtimes in connection with serious equipment faults, access to suitable stand-by equipment should be guaranteed. 5.2.3 Backup copy

Original backup copying shall be carried out in accordance- with established and documented routines. This ensures that entered data are not lost by, e.g., faults in the electrical system, computer malfunction or operator error. The routine shall specify personal responsibility, time schedule, storage medium and storage place, etc. Temperature and humidity control is necessary for some storage media. Original backup copying is recommended at the end of each day for transactions carried out during the day.

Copyright

Because not all countries have established legislation forbidding unauthorized copying or use, each document should be provided with a clause prohibiting this.

2

IS

15024

( Part 1 1:2001 :1993

ISO

11442-1

The clause should be affixed on any document recorded on a physical support. A label containing this clause should be physically taped on the storage medium. The same clause should appear at the beginning and end of the data file when transmitted on a communication medium. This procedure is adequate in most countries. To obtain protection in many other countries, a copyright marking is required. This marking consists of "o Company name 19XX" (where 19XX is the year in which the contents of the document were made available). In cases where the symbol Q cannot be used, it shall be replaced by the word "COPYRIGHT" When important changes are made in the contents of the document, the original year shall be retained

and shall be indicated as shown above. At the same time, the year of the revision can be given. This is not mandatory, but the copyright protection time is thereby extended.

8
8.1

Communication Transfer protocol

security checking

Check the rules according to which the data is being transferred from one application package to another. Data shall be in defined form (input/output). 8.2

Data transfer

protection

The data which are being transferred shall be protected. Output data shall be in defined form.

Table Person authorized NNA NNB
NNC NNC

1 -- Authorization Check/ approve

in the design process Revisa Phase out x Document type Product ranga XA XA XA XB XB XB

Creata/ design
x

Read/copy x x x x

x

1
1;3 1;2;3 1;2;3

x

NND NNE

x

x x x

x

1 1;3
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Bureau of Indian Standards BIS is a statutory institution established under the Bureau of Indian Standards Act, 1986 to promote harmonious development of the activities of standardization, marking and quality certification of goods and attending to connected matters in the country. Copyright BIS has the copyright of all its publications. No part of these form without the prior permission in writing of BIS. This does of implementing the standard, of necessary details, such designations. Enquiries relating to copyright be addressed to Review of Indian Standards Amendments are issued to standards as the need arises on the basis of comments. Standards are also reviewed periodically; a standard along with amendments is reaffirmed when such review indicates that no changes are needet if the review indicates that changes are needed, it is taken up for revision. Users of Indian Standards should ascertain that they are in possession of the latest amendments or edition by referring to the latest issue of '61S Catalogue' and `Standards: Monthly Additions'. This Indian Standard has been developed from Doc : No.
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